@RaulTsc
Last active June 6, 2017 12:38
  • C8 + C9
  • C7 (RSA, ElGamal, DH, AES)
  • One time passwords
  1. Saltzer & Schroeder

  • Open design - Assume the attackers have the sources and the specs.
  • Fail-safe defaults - Fail closed; no single point of failure. Fail by default.
  • Least privilege - No more privileges than what is needed.
  • Economy of mechanism - Keep it simple, stupid.
  • Separation of privileges - Don’t permit an operation based on a single condition.
  • Total mediation - Check everything, every time.
  • Least common mechanism - Beware of shared resources.
  • Psychological acceptability - Will they use it?
  1. Return to libc + pointer overwrite

  • Return to libc:

    • A return-into-libc attack does not cause the attacked process to return directly to shellcode and execute shellcode on the stack
    • It makes it return to a libc function address (must know the address)
    • It causes the process to return, one by one, to a chain of library functions
    • They can directly perform the operations the attacker wants or they can be used to execute shellcode
  • Pointer overwrite

    • Can overwrite: function pointers, user functions, pointers to library functions, pointers to data
    • Attacks might be in two steps: a buffer overflow overwrites a pointer. Later, this pointer is used to overwrite a critical area (return address, PLT etc)
  1. Race conditions (script level + file)

  • Race condition: when the result of an operation can differ based on the order in which the processes are executed/scheduled or the order in which competing instructions are executed.
  • Old UNIX login attack (press ESC repeatedly to gain root access)
  • Typically race conditions happen on opening/validating files, running subprograms
  1. Environment variables (why it is important to control execution environment)

  • If an attacker modifies env variables and they are used in a program without validating them (i.e. not checking their size when copying them), the attacker might be able to overflow the associated buffer.
  • So if the size/content of environment variables is not checked and they can be modified by an attacker, the attacker can insert malicious content (i.e. shellcode) into the stack.
  • Overwrite PATH so it executes our sh
  • Can overwrite params separator (default ' ', but can be anything)
  1. Explain the principle behind cookies -- for SYN cookies and for the browser.

  • SYN cookies
    • SYN cookies are particular choices of initial TCP sequence numbers by TCP servers
    • SYN cookies is a technique used to resist SYN flood attacks
    • In particular, the use of SYN cookies allows the server to avoid dropping connections when the SYN queue fills up
    • The server sends back the SYN+ACK response to the client but discards the SYN packet
    • If the server receives back an ACK from the client, it is able to reconstruct the SYN packet using information encoded in the TCP sequence number
    • SYN flooding leaves the server with a lot of half-open connections
    • Basically, the server removes the SYN packet from the queue; if it later receives an ACK packet, it checks that the secret function matches for a recent value of t and, if so, rebuilds the SYN queue entry from the encoded MSS.
  • Browser cookies
    • Small bits of information websites store on your computer
    • They are used to keep state (login, preferences etc). For example, you are on a website example.com which shows/hides an element if you click some button. If you hide it and reload the page (or view it later at any point), the site can use cookies to remember the state of the element and display/hide it.
    • Websites are only allowed to see their own cookies
    • Bad uses: a company can use cookies to track you across the web and possibly target ads. The company can see you looked on olx.com at watches so next time you're on some news site it will show you ads about watches.
  1. Explain attacks by faking a source address and the countermeasures against them.

  • SYN flooding
    • SYN flooding is a denial of service attack where an attacker sends a lot of SYN packets from random sources (which might be real or not). The server responds with SYN-ACK, but even if the sources are real, they won't respond with an ACK because they don't know they initiated a connection. So the server is left with a lot of half-open connections, the SYN queue fills up, and at some point it will no longer accept connections.
    • Possible bad solution: enlarge SYN queue. Does not really fix the problem, just makes it harder. Good solutions: SYN cookies, Firewalls, Filtering.
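
The SYN cookie mechanism described above, as an added sketch (not part of the original notes): the server packs t, an MSS index and a keyed hash of the connection 4-tuple into the 32-bit sequence number, keeps no state, and rebuilds the connection from the ACK. The 5/3/24-bit split, the 64-second slot, the MSS table, the HMAC-SHA256 choice and all names are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: server-side secret key
MSS_TABLE = [536, 1220, 1440, 1460]   # assumption: MSS values the 3-bit field can name
SLOT_SECONDS = 64                     # assumption: t advances once per 64 seconds


def _mac24(src, sport, dst, dport, t):
    """24-bit keyed hash binding a cookie to the connection 4-tuple and time slot t."""
    msg = f"{src}:{sport}>{dst}:{dport}|{t}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_mss, now):
    """Sequence number for the SYN+ACK: 5 bits t | 3 bits MSS index | 24 bits MAC.

    Nothing is stored, so the SYN can be discarded as soon as the reply is sent.
    """
    t = (int(now) // SLOT_SECONDS) % 32
    # Largest table entry that does not exceed the client's MSS (index 0 as floor).
    idx = max(i for i, m in enumerate(MSS_TABLE) if i == 0 or m <= client_mss)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, t), "big")
    return (t << 27) | (idx << 24) | mac


def check_cookie(src, sport, dst, dport, ack_number, now):
    """Return the MSS to rebuild the connection with, or None for a bad or stale ACK."""
    cookie = (ack_number - 1) & 0xFFFFFFFF      # the client ACKs our sequence number + 1
    t, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    current = (int(now) // SLOT_SECONDS) % 32
    if (current - t) % 32 > 1:                  # accept only this slot or the previous one
        return None
    if idx >= len(MSS_TABLE):
        return None
    expected = _mac24(src, sport, dst, dport, t)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected):
        return None                             # ACK does not match this 4-tuple
    return MSS_TABLE[idx]


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    c = make_cookie("198.51.100.7", 40000, "192.0.2.1", 443, 1460, 1_000_000)
    print(hex(c), check_cookie("198.51.100.7", 40000, "192.0.2.1", 443, c + 1, 1_000_000))
```
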
  1. Is Network Address Translation useful for security? Why/how?

  • Yes. It restricts the number of public IP addresses and allows for stricter control of resources on both sides of the firewall.
  • It is the process where a network device, usually the firewall, assigns a public IP address to a machine inside a private network. Usually, all the machines in the private network have the same public IP.
  • Used to conserve IPv4 address space.
  1. Explain the main types of cross-site attacks in a browser.

  • Cross-site Request Forgery (XSRF)
    • Third-party, malicious sites can initiate HTTP requests to a web app on a user's behalf without their knowledge
    • The attacker exploits the trust a web app has in the user's browser
    • Assume the victim is authenticated in the web app (the browser has a valid cookie). The attacker can include a link or a script in a third-party web app that the victim visits. This can then make HTTP requests to the web app, and the server has no idea if it is a real request or a malicious one.
    • Ex: Password change feature. A hacker site could execute a script to send a fake password-change request on a user's behalf to the web app, which is authenticated by the browser, and the server cannot know it is an attack.
    • Protection: CORS, XSRF tokens, checking origin, referer headers. Hope browsers obey same-origin policy.
  • Cross-site Script Inclusion (XSSI)
    • A user goes to website A which uses a script from domain B which contains sensitive data. The user has to be authenticated in both.
    • The attacker has website C which also loads the script from B (the user is authenticated in B), so they can steal the sensitive data (same execution context -- website C can steal global variables and global function data from B).
  • Cross-site Scripting (XSS)
    • Malicious users of a web application can send malicious code to a different end user through the web app (e.g. comments on Facebook). User X adds a comment that has a hidden JavaScript method that makes an XHR with the user's cookies to a web server.
    • Protection: Sanitize/encode inputs (never trust user input)
  1. Give 3 security principles/rules regarding ciphertexts.

  2. Difference between hash functions / crypto.

  • Hash functions: one-way functions, crypto: two-way functions.
  • Can decrypt encrypted message, cannot 'unhash' a hashed message.
  1. Sketch Block chain encrypting scheme

  1. Difference between dictionary attack and precomputed. Why is salt effective/important? (what is precomputed?)

  • Dictionary vs brute force attacks
    • Brute force: better coverage, it covers all possible values. Takes a long time to complete. Advanced brute force attacks might use patterns (capital letters are usually at the start, only 1 or 2 digits etc)
    • Dictionary: faster time. Uses a set of precomputed values in order to guess the password.
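
Why a salt defeats precomputation, as an added example (not part of the original notes): one table of unsalted hashes exposes every account that uses a dictionary password, while a per-user random salt makes the same table useless and gives identical passwords different stored values. The word list, user names, iteration count and function names are constructed for the demo.

```python
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "letmein", "qwerty"]   # constructed sample dictionary


def unsalted(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt, rounds=1000):
    """Per-user salt plus stretching (PBKDF2-HMAC-SHA256); rounds kept small for the demo."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


# "Precomputed": the dictionary is hashed once, ahead of time, independent of any victim.
PRECOMPUTED = {unsalted(w): w for w in WORDLIST}


def exposed_by_table(stored_hashes):
    """Audit helper: which accounts fall to a plain lookup in the precomputed table?"""
    return {u: PRECOMPUTED[h] for u, h in stored_hashes.items() if h in PRECOMPUTED}


def store_unsalted(users):
    return {u: unsalted(p) for u, p in users.items()}


def store_salted(users):
    """user -> (salt, hash), with a fresh 16-byte random salt for every account."""
    out = {}
    for user, password in users.items():
        salt = os.urandom(16)
        out[user] = (salt, salted(password, salt))
    return out


def verify(password, salt, stored):
    return hmac.compare_digest(salted(password, salt), stored)


if __name__ == "__main__":
    users = {"alice": "letmein", "bob": "letmein", "carol": "constructed-long-phrase"}
    print(exposed_by_table(store_unsalted(users)))       # alice and bob fall together
    strong = store_salted(users)
    print(exposed_by_table({u: h for u, (_, h) in strong.items()}))   # {}
```

With salts, the dictionary has to be re-hashed separately for each account's salt, so the work can no longer be done once in advance and shared across victims.
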
  1. Define RSA. Why is small e good? Why it is bad and how to fix it?

  • C7 + C8
  1. ElGamal and Diffie-Hellman.

  • Diffie-Hellman

    • Key-exchange protocol
    • Typically used in symmetric encryption schemes
    • Vulnerable to MITM attacks
  • ElGamal

    • Public key encryption protocol
  • Q: Can we add more details about how they work here?
  • C7 + C8
  1. Fair exchange with/without trusted third party.

  • Q: What is this?
  • C10 (the first 2)
  1. Protocol problem.. find what components are missing from a message/ what types of attacks can appear.

  • Usual problems:
    • Lack of freshness (the attacker can intercept a message and send it again later). Solution: add "nonces" (number used once), i.e. random numbers (uniqueness) or timestamps (uniqueness + freshness)
    • Lack of authentication (the attacker can pretend to be someone else). Solution: challenge and wait for response, usage of private + public key encryption
  • Usual attacks: man-in-the-middle, reflection attacks, replay attacks
  1. What policies and mechanisms would you use to avoid virus infection on a system?

  • Have a quality antivirus
  • Disable the autorun feature on Windows
  • Have a good firewall
  1. Is filtering packets exiting the local network useful? Why (not)?

  2. Explain role-based access control and multilevel security.

  • Role-based access control

    • It is an approach to restricting system access to authorised users
    • Policy neutral control mechanism defined around roles/privileges
    • Role user can do X, Y. Role admin-user can do U, Z.
    • There can be the case that role admin-user is included in role user (admin-user can do U,Z,X,Y).
    • Currently using this in a web app. OAuth 2.0 scopes. 5 roles atm: Superadmin_all, company_admin, company_user, tenant, public.
  • Multilevel security

    • Allow access only to the ones authorised for it.
    • Ex: In a military base door system, a general has access everywhere but a simple soldier only has access to 30% of the doors.
  1. Explain how setuid and seteuid differ. Why is either one not enough?

  • Q: What is setuid,seteuid and how do they differ?
  1. Explain the buffer overflow protection schemes implemented by the compiler.

  • Use of canaries (placed near the buffer on the stack. If overwritten => buffer overflow)
    • Terminator canaries (CR,LF,-1. Used to protect against strcpy vulnerabilities)
    • Random canaries (Randomly generated value known only by defense mechanism. Hard to bypass, attacker needs to read from stack)
    • XOR canaries (Randomly generated value XORd with control data. Harder to bypass than random canaries, but still doable)
  • Bounds checking -- add runtime bounds for each allocated memory block and check pointers against that.
  • Tagging
  1. Detail examples of insecure C function use and their replacements.

  • gets (removed in C11)
  • strcpy -> strncpy
  • strcat -> strncat
  1. Describe attacks on a program by controlling its environment and any protections.

  • Can override PATH
  • Can put executable in same folder so it takes it (eg sh)
  • Changing whitespace separator
  • Protection: Check directory owner (in some cases, if root => ok (/bin owner root => exec sh), current dir owner != root => don't exec)
  1. Setuid -- confused deputy.

  • A confused deputy is a program that is fooled by a third-party program into misusing its authority.

  • Q: How does it relate to setuid ?

  1. Kaminsky attack

  • When resolving a domain name, the computer's DNS server either has it cached or asks for it. The DNS server creates a 16-bit token to make sure the reply is relevant. The DNS server can then be flooded with replies and if we guess the 16-bit token (65363 possibilities), we've successfully poisoned the DNS. This was regarded as highly unlikely as the TTL was very long, so only one request per day/few days could be made. But that is not true for sibling domains (aaa.google.com, aab.google.com). Dan Kaminsky demonstrated a DNS poisoning in under 10 seconds in 2008.
  • The fix for this was to extend the token size to 32 bits using a hack involving the UDP source ports. That does not really fix it... it just makes it harder (65363 times harder). So, in theory, an attacker can still poison DNS servers. A good fix would be to implement DNSSEC.
  1. TCP attacks.

  • TCP reset attack

    • Forces the connection to terminate by sending a forged TCP reset packet
    • Used by the Great Firewall of China as a major way to carry out internet censorship
    • MITM can listen to a connection and send forged TCP reset packets
  • TCP sequence prediction attack

    • Attacker tries to predict the next sequence number used by the sending host
    • After the IP address of the host and the sequence number are known, it is basically a race to get the answer to the receiver
    • Can be combined with a DoS attack for higher efficiency
    • Can be used to perform TCP reset attacks

evintila commented Jun 3, 2017

  1. (https://www.inf.ed.ac.uk/teaching/courses/cs/1011/lecs/protocolsI.pdf)
    Lamport (p64): one-time password scheme
  • the server stores h^100 (P). (password hashed 100 times)
    Example: server stores h^(n+1) (P) (password hashed n+1 times)
    When the client sends h^(n)(P), the server computes h(h ^n (P)) - it hashes the received password again.
    If this is equal with h^(n+1) (P), the password is considered valid and the server now memorizes h^(n) (P)

Passcode generators: I do not know what these are, but I guess that they are at least related to the "100 one-time passwords" part on the same slide 64.

So the difference between them is that the Lamport scheme requires the server to only memorize one password (h^n) instead of N passwords, but it also requires the client to compute a lot of hashes to reach h^(n-1). Also the server must always perform one hash per client (not a big problem).
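
The hash-chain scheme from the comment above, as an added sketch (not the commenter's code and not from the linked slides): the server keeps one value, accepts an OTP only if hashing it gives the stored value, then stores the OTP itself. SHA-256 as h, the class names and the choice to stop before the bare password is ever sent are assumptions.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()


def h_pow(secret: bytes, n: int) -> bytes:
    """h^n(secret): apply h to the secret n times."""
    for _ in range(n):
        secret = h(secret)
    return secret


class Server:
    """Stores a single value per user: the last accepted link of the chain."""

    def __init__(self, anchor: bytes):
        self.stored = anchor                 # h^(n+1)(P) at enrolment

    def login(self, otp: bytes) -> bool:
        if hmac.compare_digest(h(otp), self.stored):
            self.stored = otp                # now remembers h^n(P)
            return True
        return False                         # replayed, skipped or forged value


class Client:
    def __init__(self, password: bytes, n: int):
        self.password, self.remaining = password, n

    def next_otp(self) -> bytes:
        if self.remaining <= 1:              # never send the bare password P
            raise RuntimeError("chain exhausted: enrol a new password")
        self.remaining -= 1
        return h_pow(self.password, self.remaining)


if __name__ == "__main__":
    pw = b"constructed-password"             # constructed sample secret
    server, client = Server(h_pow(pw, 100)), Client(pw, 100)
    otp = client.next_otp()                  # h^99(P)
    print(server.login(otp), server.login(otp))   # True False (replay rejected)
```
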


evintila commented Jun 3, 2017

  1. (https://www.inf.ed.ac.uk/teaching/courses/cs/1011/lecs/protocolsII.pdf)
    p67
    a) The server sends to A: Kab, and {Kab, A}Kbs for A to send to B (only B should be able to decrypt it, since only he knows Kbs)
    b) Then A sends to B: {Kab, A}Kbs.

The rest doesn't matter. If E intercepts messages sent between A and B using their shared key Kab, eventually he will be able to break Kab: with a huge amount of messages and a lot of time. Then E can copy {Kab, A}Kbs (see point b) and send it to B, tricking him into using Kab in his communication with E. Note that E doesn't even know "{Kab, A}" from "{Kab, A}Kbs".

Solution: add freshness: the server should send A {Kab, A, T}Kbs, where T is a timestamp. Then, if B receives its message from A, but the time since T is above a certain timeframe, he will reject it because it has expired.


evintila commented Jun 3, 2017

  1. (http://www.cs.bham.ac.uk/~mdr/teaching/modules06/netsec/lectures/DigitalCash.html)
    In offline digital cash, the coins are reusable and they have a transaction list. They can only be spent using a "Tamper-resistant device".
    The transaction list contains n identifiers looking like {p1, p2}, where p1 and p2 together (XORed) form an ID. In all of the identifiers, except the last one, one part (p1 or p2) is erased. The list is updated when the coin is transferred to another user (from a customer to a merchant). Thus anonymity is achieved.
    Protection against double spending is achieved using the transaction list:
    "If a user makes a copy of a coin before they spend it, they have the possibility to spend that coin again. However, when the coin is finally returned to the issuer, it will be possible to discover the culprit. This is achieved by combining a particular part of the identity from the original coin with its corresponding part from the copied coin. Note that the corresponding part will have been blanked out in the original coin."
    The possibility of catching a user is 1 - (1/2)^n, where n is the number of pairs used.
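
How the split identity exposes a double spender, as an added sketch (not the commenter's code and not from the linked lecture page): each pair XORs to the user ID, every spend erases one half per pair, and two spends of the same coin that differ in any position hand the issuer both halves of one pair. Selecting the halves with per-spend challenge bits, and all names, are assumptions.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mint_coin(user_id: bytes, n: int):
    """Coin identity list: n pairs (p1, p2) with p1 XOR p2 == user_id."""
    pairs = []
    for _ in range(n):
        p1 = secrets.token_bytes(len(user_id))   # random mask, so one half alone says nothing
        pairs.append((p1, xor(p1, user_id)))
    return pairs


def spend(coin, challenge):
    """Reveal one half of every pair, chosen by the challenge bits; erase the other."""
    return [(p1, None) if bit == 0 else (None, p2)
            for (p1, p2), bit in zip(coin, challenge)]


def trace_double_spender(deposit_a, deposit_b):
    """Issuer side: find a pair where the two deposits show complementary halves."""
    for (a1, a2), (b1, b2) in zip(deposit_a, deposit_b):
        if a1 is not None and b2 is not None:
            return xor(a1, b2)
        if a2 is not None and b1 is not None:
            return xor(a2, b1)
    return None        # identical challenges in all n positions


def catch_probability(n: int) -> float:
    """1 - (1/2)^n: chance that two independent n-bit challenges differ somewhere."""
    return 1 - 0.5 ** n


if __name__ == "__main__":
    coin = mint_coin(b"user-0042", 3)            # constructed sample identity
    first = spend(coin, [0, 1, 0])
    copy = spend(coin, [0, 1, 1])                # same coin spent again
    print(trace_double_spender(first, copy), catch_probability(3))
```
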

Author

RaulTsc commented Jun 4, 2017

  1. Setuid vs seteuid.
  2. Bitcoin -- how does mining work. Does it do anything to provide value or people just believe it is worth something.

Author

RaulTsc commented Jun 6, 2017

Things I'm not sure about:

  • Setuid vs seteuid (confused deputy)
  • Estimate passbreaking effort for a) 3 dictionary words, b) one l33t-speak word ?? I don't understand what a and b are. Is a) 3 random words from the dictionary? What is b)?
  • RSA, DH, EG recap
  • C9 -- Protocols
